Web P2p Control,p2p Plartform Server,client Tools Security Vulnerabilities

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-45285, CVE-2023-39326, CVE-2023-45283...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-45283, CVE-2023-45284)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity of host system, caused by failure related with filepath and safefilepath packages. This bulletin identifies the steps to address the vulnerabilities....

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2024-24785, CVE-2023-45289, CVE-2024-24783, CVE-2023-45290, CVE-2024-24784)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to denial of service, loss of confidentiality, integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Storage Protect Server may be vlunerable to machine-in-the-middle attack due to Golang Go (CVE-2023-48795)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to denial of service, loss of confidentiality and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-39318, CVE-2023-39321, CVE-2023-39319,...

Security Bulletin: IBM Storage Protect Server may be susceptible to loss of confidentiality vulnerability due to Golang Go (CVE-2023-45287)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality caused by timing-side channel attack in RSA based key exchange methods used in crypto/tls. Vulnerability Details ** CVEID: CVE-2023-45287 DESCRIPTION: **Golang Go could...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to execution of arbitrary code caused by improper enforvement of line directive restrictions, and denial of service caused by an uncontrolled resource consumption flaw in the net/http and...

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server ( CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296)

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, loss of confidentiality, integrity or availability. CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296. This bulletin...

Security Bulletin: Denial of service vulnerability in Amazon Ion may affect IBM Storage Protect Server

Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-21634 DESCRIPTION: **Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to insecure cryptographic algorithm and information disclosure due to DB2 JDBC Driver (CVE-2023-47152)

Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-47152 DESCRIPTION: **IBM Db2 for...

Security Bulletin: IBM Tivoli Netcool Impact could provide weaker tha expected security due to IBM WebSphere Application Server Liberty (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache Camel (CVE-2024-22371)

Summary Apache Camel is shipped with IBM Tivoli Netcool Impact as part of the data provider interface in the GUI server. Information about a security vulnerability affecting Apache ActiveMQ has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2024-22371 DESCRIPTION:...

[SECURITY] [DLA 3855-1] pdns-recursor security update

Debian LTS Advisory DLA-3855-1 [email protected] https://www.debian.org/lts/security/ ; Daniel Leidert July 01, 2024 https://wiki.debian.org/LTS Package : pdns-recursor Version : 4.1.11-1+deb10u2 CVE...

Debian: Security Advisory (DLA-3845-1)

The remote host is missing an update for the...

Debian dla-3855 : pdns-recursor - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3855 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3855-1 [email protected] ...

RHEL 8 : httpd:2.4/httpd (RHSA-2024:4197)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4197 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd:2.4: httpd: HTTP...

Simple Laboratory Management System 1.0 SQL Injection

...

openssh security update

[8.7p1-38.0.2] - Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves...

Debian: Security Advisory (DLA-3830-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3837-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3826-1)

The remote host is missing an update for the...

Ubuntu: Security Advisory (USN-6844-2)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1856)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1859)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1871)

The remote host is missing an update for the Huawei...

CVE-2024-38528

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...

CVE-2024-39468

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such...

CVE-2023-1733

(A denial of service condition exists in the Prometheus server bundled...

Important Photon OS Security Update - PHSA-2024-5.0-0307

Updates of ['openssh'] packages of Photon OS have been...

Welotec Industrial Routers Improper Access Control (CVE-2023-1083)

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

OpenSSH < 9.8 RCE

The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical...

OpenSSH: Remote Code Execution

Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced...

Debian: Security Advisory (DSA-5713-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3839-1)

The remote host is missing an update for the...

Liferea: Remote Code Execution

Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...

Debian: Security Advisory (DSA-5706-1)

The remote host is missing an update for the...

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...

Debian dla-3853 : tryton-server - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3853 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3853-1 [email protected] ...

Debian dla-3854 : tryton-client - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3854 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3854-1 [email protected] ...

CVE-2024-39251

An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL...

Debian dla-3851 : gunicorn - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3851 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3851-1 [email protected] ...

K000140222: OpenSSH server vulnerability CVE-2024-6387

Security Advisory Description A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler...

OpenSSH vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages openssh - secure shell (SSH) for secure access to remote machines Details It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access...

Microweber 2.0.15 - Stored XSS

...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1866)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1852)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1862)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DSA-5722-1)

The remote host is missing an update for the...

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....